No matter how the site was hacked, the innocent user, who might have visited this particular website for years without a problem, one day gets prompted to install an unexpected program. Although they're surprised, the fact that the prompt is coming from a website they know and trust is enough to get them to run the program. After that, it's game over. The end-user's computer (or mobile device) is yet another cog in someone's big botnet.

Threat No. 9: Cyber warfare

Nation-state cyber warfare programs are in a class by themselves and aren't something most IT security pros come up against in their daily routines. These covert operations create complex, professional cyber warfare programs intent on monitoring adversaries or taking out an adversary's functionality, but as Stuxnet and Duqu show, the fallout of these methods can have consequences for more than just the intended targets. We now even have nation-states, like North Korea, taking down and exploiting a Fortune 500 company because it didn’t like a particular movie.

Crime and no punishment

Some victims never recover from exploitation. Their credit record is forever scarred by a hacker's fraudulent transaction; the malware uses the victim's address book list to forward itself to friends and family members; victims of intellectual property theft spend tens of millions of dollars in repair and prevention.

The worst part is that almost none of those who use the above malicious attacks are successfully prosecuted. The professional criminals on the Internet are living large because the Internet isn't good at producing court-actionable evidence. Even if it could, the suspects are living outside the jurisdiction of the victim’s courts. Most hacking is anonymous by default, and tracks are lost and covered up in milliseconds. Right now, we live in the "wild, wild west" days of the Internet. As it matures, the criminal safe havens will dry up. Until then, IT security pros have their work cut out for them.

This story, "IT's 9 biggest security threats," was originally published by InfoWorld.